# HG changeset patch
# User Dan
# Date 1227239965 18000
# Node ID ea3045a3bcbde8b3c052e08721d12fe6f05d296b
# Parent e39454295bbb5e078f57c13515ee0c274e4e4ef7
Added dependency checking in ACL tracer
diff -r e39454295bbb -r ea3045a3bcbd includes/clientside/css/enano-shared.css
--- a/includes/clientside/css/enano-shared.css Thu Nov 20 22:59:11 2008 -0500
+++ b/includes/clientside/css/enano-shared.css Thu Nov 20 22:59:25 2008 -0500
@@ -910,3 +910,12 @@
.acl_local_everyone { background-color: #FFD6D6; }
.acl_local_group { background-color: #FFC6C6; }
.acl_local_user { background-color: #FFB6B6; }
+
+span.acl_failed_deps {
+ font-weight: bold;
+ font-size: smaller;
+}
+
+span.acl_failed_deps span.title {
+ color: #ff0000;
+}
diff -r e39454295bbb -r ea3045a3bcbd includes/clientside/static/acl.js
--- a/includes/clientside/static/acl.js Thu Nov 20 22:59:11 2008 -0500
+++ b/includes/clientside/static/acl.js Thu Nov 20 22:59:25 2008 -0500
@@ -1385,6 +1385,27 @@
sm.appendChild(editlink);
sm.innerHTML += ']';
}
+
+ if ( perm.bad_deps.length > 0 )
+ {
+ var bd = document.createElement('span');
+ $(bd).addClass('acl_failed_deps');
+ var failed_deps = '';
+ for ( var i = 0; i < perm.bad_deps.length; i++ )
+ {
+ if ( i > 0 )
+ failed_deps += ', ';
+ failed_deps += data.perms[perm.bad_deps[i]].perm_name;
+ }
+ var title = document.createElement('span');
+ $(title).addClass('title');
+ title.appendChild(document.createTextNode($lang.get('acl_msg_failed_deps')));
+ bd.appendChild(title);
+ bd.appendChild(document.createTextNode(failed_deps));
+
+ item.appendChild(document.createElement('br'));
+ item.appendChild(bd);
+ }
}
// var ret = wrapper.cloneNode(true);
@@ -1418,8 +1439,6 @@
groupdata[perm['rule_id']]['rules'][i] = perm;
}
- console.debug('draw by rule - group data: ', groupdata);
-
for ( var i in groupdata )
{
var group = groupdata[i];
@@ -1451,6 +1470,27 @@
b.appendChild(document.createTextNode(rule.perm_value));
rulediv.appendChild(b);
grp.appendChild(rulediv);
+
+ if ( rule.bad_deps.length > 0 )
+ {
+ var bd = document.createElement('span');
+ $(bd).addClass('acl_failed_deps');
+ var failed_deps = '';
+ for ( var i = 0; i < rule.bad_deps.length; i++ )
+ {
+ if ( i > 0 )
+ failed_deps += ', ';
+ failed_deps += data.perms[rule.bad_deps[i]].perm_name;
+ }
+ var title = document.createElement('span');
+ $(title).addClass('title');
+ title.appendChild(document.createTextNode($lang.get('acl_msg_failed_deps')));
+ bd.appendChild(title);
+ bd.appendChild(document.createTextNode(failed_deps));
+
+ rulediv.appendChild(document.createElement('br'));
+ rulediv.appendChild(bd);
+ }
}
wrapper.appendChild(grp);
}
diff -r e39454295bbb -r ea3045a3bcbd includes/pageutils.php
--- a/includes/pageutils.php Thu Nov 20 22:59:11 2008 -0500
+++ b/includes/pageutils.php Thu Nov 20 22:59:25 2008 -0500
@@ -2061,7 +2061,8 @@
'perm_name' => $perm_name,
'perm_value' => $perm_string,
'perm_src' => $src_l10n,
- 'rule_id' => intval($lookup_data['rule_id'])
+ 'rule_id' => intval($lookup_data['rule_id']),
+ 'bad_deps' => $perms->acl_check_deps($perm_type, true)
);
}
diff -r e39454295bbb -r ea3045a3bcbd includes/sessions.php
--- a/includes/sessions.php Thu Nov 20 22:59:11 2008 -0500
+++ b/includes/sessions.php Thu Nov 20 22:59:25 2008 -0500
@@ -3094,16 +3094,18 @@
* @return bool
*/
- function acl_check_deps($type)
+ function acl_check_deps($type, $debug = false)
{
- if(!isset($this->acl_deps[$type])) // This will only happen if the permissions table is hacked or improperly accessed
+ // This will only happen if the permissions table is hacked or improperly accessed
+ if(!isset($this->acl_deps[$type]))
return true;
+ // Permission has no dependencies?
if(sizeof($this->acl_deps[$type]) < 1)
return true;
+ // go through them all and build a flat list of dependencies
$deps = $this->acl_deps[$type];
while(true)
{
- $full_resolved = true;
$j = sizeof($deps);
for ( $i = 0; $i < $j; $i++ )
{
@@ -3116,15 +3118,23 @@
$j = sizeof($deps);
}
}
- //die(''.print_r($deps, true).'
');
+ $debugdata = array();
foreach($deps as $d)
{
- if ( !$this->get_permissions($d) )
+ // Our dependencies are fully resolved, so tell get_permissions() to not recursively call this function
+ if ( !$this->get_permissions($d, true) )
{
- return false;
+ if ( $debug )
+ {
+ $debugdata[] = $d;
+ }
+ else
+ {
+ return false;
+ }
}
}
- return true;
+ return $debug ? $debugdata : true;
}
/**
@@ -3934,7 +3944,7 @@
$this->page_id = $page_id;
$this->namespace = $namespace;
- $pathskey = $paths->nslist[$this->namespace].$this->page_id;
+ $pathskey = $paths->nslist[$this->namespace].sanitize_page_id($this->page_id);
$ppwm = 2;
if ( isset($paths->pages[$pathskey]) )
{
@@ -3949,7 +3959,7 @@
$this->wiki_mode = false;
else if ( $ppwm == 2 )
{
- if ( $session->user_logged_in )
+ if ( $this->user_id > 1 )
{
$this->wiki_mode = ( getConfig('wiki_mode') == '1' );
}
@@ -4046,19 +4056,22 @@
/**
* Tell us if the dependencies for a given permission are met.
* @param string The ACL permission ID
+ * @param bool If true, does not return a boolean value, but instead returns array of dependencies that fail
* @return bool
*/
- function acl_check_deps($type)
+ function acl_check_deps($type, $debug = false)
{
- if(!isset($this->acl_deps[$type])) // This will only happen if the permissions table is hacked or improperly accessed
- return true;
+ // This will only happen if the permissions table is hacked or improperly accessed
+ if(!isset($this->acl_deps[$type]))
+ return $debug ? array() : true;
+ // Permission has no dependencies?
if(sizeof($this->acl_deps[$type]) < 1)
- return true;
+ return $debug ? array() : true;
+ // go through them all and build a flat list of dependencies
$deps = $this->acl_deps[$type];
while(true)
{
- $full_resolved = true;
$j = sizeof($deps);
for ( $i = 0; $i < $j; $i++ )
{
@@ -4071,15 +4084,23 @@
$j = sizeof($deps);
}
}
- //die(''.print_r($deps, true).'
');
+ $debugdata = array();
foreach($deps as $d)
{
- if ( !$this->get_permissions($d) )
+ // Our dependencies are fully resolved, so tell get_permissions() to not recursively call this function
+ if ( !$this->get_permissions($d, true) )
{
- return false;
+ if ( $debug )
+ {
+ $debugdata[] = $d;
+ }
+ else
+ {
+ return false;
+ }
}
}
- return true;
+ return $debug ? $debugdata : true;
}
/**
diff -r e39454295bbb -r ea3045a3bcbd language/english/admin.json
--- a/language/english/admin.json Thu Nov 20 22:59:11 2008 -0500
+++ b/language/english/admin.json Thu Nov 20 22:59:25 2008 -0500
@@ -172,6 +172,7 @@
msg_debug_main_title: 'View effective permissions',
msg_debug_main_body: 'This tool allows you to see what actual permissions are in use. It can be helpful if you are struggling to determine why a certain action is being allowed or denied. There are two views available for this window: you can either view the information sorted by individual actions, or group actions by which rule sets them.',
msg_trace_key: 'Color guide',
+ msg_failed_deps: 'Failed dependencies: ',
btn_success_dismiss: 'dismiss',
btn_success_close: 'close manager',